WS-2021-0505
Good to know:
Date: December 26, 2021
The "Papermerge" application is vulnerable to "Stored XSS in search result". An attacker uploads a malicious file that contains XSS payloads and shares it with users of the application. When a user opens the file and selects the option to view the OCRed text, the contents of the file are displayed in HTML format and the XSS is triggered.
Language: Python
Severity Score
Weakness Type (CWE)
Cross-Site Scripting (XSS)
CWE-79

CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | LOW |